China’s Ministry of State Security Allegedly Hacking Online Gambling Platforms

Posted on: August 9, 2023, 07:41h. 

Last updated on: August 9, 2023, 11:01h.

Someone may be prying into your gaming activity when you visit an online casino. A recent study revealed that governments, telecommunications companies, and even online gambling operators across at least 17 countries have fallen victim to cyberattacks. These were allegedly carried out by hackers associated with China’s Ministry of State Security, a reportedly civilian intelligence agency, from 2021 onward.

Xi Jinping, China’s president, participates in a session on the opening day of the Eastern Economic Forum in Vladivostok, Russia in 2018. He’s leading a country that actively supports hackers infiltrating governments and online gaming sites. (Image: Bloomberg)

The team at Insikt Group, a threat research department within global threat analysis firm Recorded Future, has been analyzing RedHotel, an advanced cyber-espionage organization allegedly backed by China. The group is notorious for orchestrating numerous sophisticated malware attacks and espionage missions targeting various nations in Southeast Asia and Asia.

Recorded Future uncovered a network spread across an extensive range of nations, including Afghanistan, Bangladesh, Cambodia, Hong Kong, India, Malaysia, Palestine, the Philippines, Thailand, Taiwan, the U.S., and Vietnam. The hackers primarily aimed their endeavors at significant political entities, but apparently put online gambling platforms on the same level.

A Global Threat No One Sees

Recorded Future’s Jon Condra, who heads the organization’s Strategic and Persistent Threats team and who coauthored the report, highlighted RedHotel’s significant role as an ardent advocate for the Chinese state. Its support extends to multiple organizations worldwide and spans diverse industry verticals. Both Microsoft and SecureWorks track the group as well.

Its alleged victims include pro-democracy organizations in Hong Kong, research institutions in Taiwan, religious minorities, and even online gaming enterprises. Condra points out that RedHotel hacked into an unidentified U.S. state government in 2022, and regularly conducts “intelligence gathering in tandem with economic espionage.”

He adds that the group is most likely operating out of the Chinese city of Chengdu, and is just one of several groups the Chinese government supports. All these efforts serve to bolster China’s military capabilities and reinforce its economic supremacy.

Governments in Southeast Asia face considerable danger from the group. However, RedHotel is reportedly diverting its attention toward diverse domains such as education, aviation, media, communications, and research and development.

Researchers state that the main objective of the group is to collect information and engage in financial spying. They further mention that multiple other organizations have conducted investigations into the group’s cyberattacks since 2019.

In addition to trying to gain access to legislative bodies in the U.S., the group has previously focused on entities that were conducting scientific research on COVID-19. Condra calls RedHotel “one of the most active [and] prolific Chinese state-sponsored groups that [Recorded Future tracks], and they target organizations globally across a wide range of industry verticals.”

How RedHotel Operates

Recorded Future asserts that Chengdu has emerged as a central node for China’s advanced persistent threat (APT) endeavors. The groups allegedly have notable connections with Chinese businessmen and local universities to help advance their cause.

“Based on historical precedent, we expect RedHotel to continue this activity unperturbed, with the group regularly displaying a high operational risk appetite in the face of public industry reporting,” warned Insikt Group.

Chinese hackers commonly employ a range of malware in their attacks, including well-known tools that cybersecurity experts have already identified. They also use custom malware that is sometimes more difficult to track.

RedHotel will first try to identify a target that is susceptible to an attack. For years, according to Recorded Future, it was able to use malware that Windows systems thought was a legitimate Microsoft troubleshooting product.

Once it gains access, the malware starts to retrieve data and send it to the group. The software stays on the system, continuously exfiltrating whatever information it can, even “for months or even years after public reporting.”
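The behaviour described above, an implant that keeps sending data out on a regular schedule for months, is one that defenders can look for in their own connection logs even without knowing the specific malware. The script below is an added example written for this article, not code from Recorded Future’s report or from any RedHotel sample: it applies a simple “beaconing” heuristic (many connections from one host to one destination, spread over a long period, with unusually regular timing and size) to a constructed set of outbound-connection log lines. The host names, IP addresses and timestamps are made up for the demonstration and are not indicators from the report.

```python
"""Flag long-lived, regularly timed outbound check-ins ("beaconing") in connection logs.

Added example for illustration only; not Recorded Future's tooling or any real indicator.
All hosts, addresses and times are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def build_sample_log():
    """Return constructed log lines: '<ISO timestamp> <source host> <destination ip> <bytes out>'."""
    lines = []
    t0 = datetime(2023, 8, 1)
    # ws-17: checks in with one external host every hour (small jitter) for three days,
    # sending almost the same number of bytes each time. This is the implant-like pattern.
    for i in range(72):
        ts = t0 + timedelta(hours=i, seconds=(i * 7) % 40)
        lines.append(f"{ts.isoformat()} ws-17 203.0.113.8 {1400 + (i % 5) * 3}")
    # ws-22: a short burst of ordinary browsing to one address, then nothing.
    for i, offset in enumerate([0, 3, 9, 10, 11, 60, 61, 500, 2000, 2001]):
        ts = t0 + timedelta(seconds=offset)
        lines.append(f"{ts.isoformat()} ws-22 198.51.100.20 {20000 + i * 900}")
    # ws-31: many connections over more than a day, but irregular gaps and sizes
    # (a sync client or a person), so it should not be flagged.
    ts = t0
    for i in range(30):
        ts += timedelta(seconds=((i * 37) % 11 + 1) * 600)
        lines.append(f"{ts.isoformat()} ws-31 192.0.2.45 {500 + ((i * 53) % 17) * 1800}")
    return lines


def parse(lines):
    """Group (timestamp, bytes) events by (source host, destination ip)."""
    conns = defaultdict(list)
    for line in lines:
        ts, src, dst, nbytes = line.split()
        conns[(src, dst)].append((datetime.fromisoformat(ts), int(nbytes)))
    return conns


def find_beacons(lines, min_events=24, min_span=timedelta(days=1),
                 max_gap_cv=0.15, max_size_cv=0.5):
    """Return pairs whose connection timing and size are suspiciously regular.

    The coefficient of variation (stdev / mean) of the gaps between connections is the
    core signal: a scheduled check-in has nearly constant gaps, human traffic does not.
    """
    findings = []
    for (src, dst), events in parse(lines).items():
        events.sort()
        if len(events) < min_events:
            continue
        times = [t for t, _ in events]
        span = times[-1] - times[0]
        if span < min_span:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        sizes = [n for _, n in events]
        gap_cv = pstdev(gaps) / mean(gaps)
        size_cv = pstdev(sizes) / mean(sizes)
        if gap_cv <= max_gap_cv and size_cv <= max_size_cv:
            findings.append({
                "src": src, "dst": dst, "events": len(events),
                "span_hours": round(span.total_seconds() / 3600, 1),
                "mean_gap_s": round(mean(gaps)), "gap_cv": round(gap_cv, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(build_sample_log()):
        print(f"{f['src']} -> {f['dst']}: {f['events']} connections over "
              f"{f['span_hours']} h, mean gap {f['mean_gap_s']} s (gap CV {f['gap_cv']})")
```

On the constructed data only ws-17 is reported; the other two hosts fail either the minimum-count or the regularity checks. On real proxy or firewall logs the thresholds need tuning, and legitimate scheduled jobs (update checks, monitoring agents) will also appear regular, so the output is a starting point for investigation rather than a verdict.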

Reports surfaced this week that suggest government infrastructures may already be compromised. The New York Times reported that Chinese malware has been found on “critical” military systems. The Washington Post added that China has infiltrated the “highest levels” of the Japanese government.